i believe if there is a publicly known security flaw affecting QNAP, then it's probably better for the users to mention it on the forum, if only to warn other users about the issue. no point trying to hide that when the cats out of the bag so speak.

or if a flaw gets ignored from being patched, then some users i see would start a thread to pressure qnap to do something about it